Lucene search

2483 matches found

Positive Technologies · added 2019/12/10 12:00 a.m. · 4 views

PT-2019-6163 · Netty +2

Vulnerable software and affected versions: Netty versions prior to 4.1.44. Description: the HttpObjectDecoder.java component in Netty lacks a check for the presence of a colon in HTTP header lines. This could lead to incorrect syntax interpretation or be seen ...

CVSS 9.4 · AI score 7.1 · EPSS 0.17932 · Exploits 6 · References 184
Veracode · added 2019/12/09 3:22 a.m. · 16 views

HTTP Response Splitting

Armeria is vulnerable to HTTP response splitting. A remote attacker is able to inject arbitrary HTTP headers using a CRLF character sequence. This is due to unsanitized data being used to populate the headers of an HTTP response. The vulnerability can potentially lead to successful cache poisoning and...

CVSS 6.5 · AI score 3 · EPSS 0.00416 · Exploits 0 · References 3 · Affected software 1
NVD · added 2019/12/06 7:15 p.m. · 10 views

CVE-2019-16771

Versions of Armeria 0.85.0 through and including 0.96.0 are vulnerable to HTTP response splitting, which allows remote attackers to inject arbitrary HTTP headers via CRLF sequences when unsanitized data is used to populate the headers of an HTTP response. This vulnerability has been patched in...

CVSS 6.5 · AI score 5.4 · EPSS 0.00416 · Exploits 0 · References 2
OSV · added 2019/12/06 7:15 p.m. · 15 views

CVE-2019-16771

Versions of Armeria 0.85.0 through and including 0.96.0 are vulnerable to HTTP response splitting, which allows remote attackers to inject arbitrary HTTP headers via CRLF sequences when unsanitized data is used to populate the headers of an HTTP response. This vulnerability has been patched in...

CVSS 6.5 · AI score 6.4 · Exploits 0 · References 2
Fedora · added 2019/12/05 1:42 a.m. · 13 views

[SECURITY] Fedora 31 Update: haproxy-2.0.10-1.fc31

HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments. Indeed, it can: - route HTTP requests depending on statically assigned cookies - spread load among several servers while assuring server persistence through the use of HTTP cookies - switch to...

AI score 0.8 · Exploits 0
Cloud Foundry · added 2019/12/05 12:00 a.m. · 200 views

USN-4201-1: Ruby vulnerabilities | Cloud Foundry

Severity: Medium. Vendor: Canonical Ubuntu. Versions affected: Canonical Ubuntu 18.04. Description: It was discovered that Ruby incorrectly handled certain files. An attacker could possibly use this issue to bypass path matching, which can lead to unauthorized access. CVE-2019-15845 It was discovered tha...

CVSS 8.1 · AI score 7.7 · EPSS 0.01157 · Exploits 1
Tenable Nessus · added 2019/12/04 12:00 a.m. · 28 views

EulerOS 2.0 SP2 : wget (EulerOS-SA-2019-2501)

According to the version of the wget package installed, the EulerOS installation on the remote host is affected by the following vulnerability: - CRLF injection vulnerability in the urlparse function in url.c in Wget through 1.19.1 allows remote attackers to inject arbitrary HTTP headers via CRL...

CVSS 6.1 · AI score 7.1 · EPSS 0.00198 · Exploits 1 · References 2
Tenable Nessus · added 2019/11/27 12:00 a.m. · 41 views

Ubuntu 16.04 LTS / 18.04 LTS : Ruby vulnerabilities (USN-4201-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4201-1 advisory. It was discovered that Ruby incorrectly handled certain files. An attacker could possibly use this issue to bypass path matching, which can lead ...

CVSS 8.1 · AI score 7.3 · EPSS 0.01157 · Exploits 1 · References 5
Ubuntu · added 2019/11/26 2:48 p.m. · 74 views

USN-4201-1: Ruby vulnerabilities

It was discovered that Ruby incorrectly handled certain files. An attacker could possibly use this issue to bypass path matching, which can lead to unauthorized access. CVE-2019-15845 It was discovered that Ruby incorrectly handled certain regular expressions. An attacker could use this issue to...

CVSS 8.1 · AI score 7.2 · EPSS 0.01157 · Exploits 1
Tenable Nessus · added 2019/11/18 12:00 a.m. · 37 views

openSUSE Security Update : go1.12 (openSUSE-2019-2521)

This update for go1.12 fixes the following issues: Security issues fixed: - CVE-2019-16276: Fixed the handling of invalid HTTP headers, which had allowed request smuggling (bsc#1152082). - CVE-2019-17596: Fixed a panic in dsa.Verify caused by invalid public keys (bsc#1154402). Non-security issue fixe...

CVSS 7.5 · AI score 6.9 · EPSS 0.0776 · Exploits 1 · References 5
OpenVAS · added 2019/11/18 12:00 a.m. · 29 views

openSUSE: Security Advisory for go1.12 (openSUSE-SU-2019:2521-1)

The remote host is missing an update for the go1.12 package referenced in the openSUSE-SU-2019:2521-1 advisory.

CVSS 7.5 · AI score 8 · EPSS 0.0776 · Exploits 1 · References 2
Tenable Nessus · added 2019/11/18 12:00 a.m. · 33 views

openSUSE Security Update : go1.12 (openSUSE-2019-2522)

This update for go1.12 fixes the following issues: Security issues fixed: - CVE-2019-16276: Fixed the handling of invalid HTTP headers, which had allowed request smuggling (bsc#1152082). - CVE-2019-17596: Fixed a panic in dsa.Verify caused by invalid public keys (bsc#1154402). Non-security issue fixe...

CVSS 7.5 · AI score 6.9 · EPSS 0.0776 · Exploits 1 · References 5
OSV · added 2019/11/17 7:22 p.m. · 7 views

OPENSUSE-SU-2019:2521-1 Security update for go1.12

This update for go1.12 fixes the following issues: Security issues fixed: - CVE-2019-16276: Fixed the handling of invalid HTTP headers, which had allowed request smuggling (bsc#1152082). - CVE-2019-17596: Fixed a panic in dsa.Verify caused by invalid public keys (bsc#1154402). Non-security issue fixed:...

CVSS 7.5 · AI score 7.7 · EPSS 0.0776 · Exploits 1 · References 6
OPENSUSE Linux · added 2019/11/17 12:00 a.m. · 62 views

Security update for go1.12 (moderate)

openSUSE Security Update: Security update for go1.12. Announcement ID: openSUSE-SU-2019:2522-1. Rating: moderate. References: 1141689 1152082 1154402. Cross-References: CVE-2019-16276 CVE-2019-17596. Affected Products: openSUSE Leap 15.1. An update that solves two vulnerabilities and has one errata is...

CVSS 7.5 · AI score 6.9 · EPSS 0.0776 · Exploits 1 · References 3
OPENSUSE Linux · added 2019/11/17 12:00 a.m. · 71 views

Security update for go1.12 (moderate)

openSUSE Security Update: Security update for go1.12. Announcement ID: openSUSE-SU-2019:2521-1. Rating: moderate. References: 1141689 1152082 1154402. Cross-References: CVE-2019-16276 CVE-2019-17596. Affected Products: openSUSE Leap 15.0. An update that solves two vulnerabilities and has one errata is...

CVSS 7.5 · AI score 6.9 · EPSS 0.0776 · Exploits 1 · References 3
OSV · added 2019/11/08 3:15 p.m. · 5 views

CVE-2019-10222

A flaw was found in the Ceph RGW configuration with Beast as the front end handling client requests. An unauthenticated attacker could crash the Ceph RGW server by sending valid HTTP headers and terminating the connection, resulting in a remote denial of service for Ceph RGW clients...

CVSS 7.5 · AI score 7.4 · EPSS 0.01802 · Exploits 0 · References 3
NVD · added 2019/11/08 3:15 p.m. · 12 views

CVE-2019-10222

A flaw was found in the Ceph RGW configuration with Beast as the front end handling client requests. An unauthenticated attacker could crash the Ceph RGW server by sending valid HTTP headers and terminating the connection, resulting in a remote denial of service for Ceph RGW clients...

CVSS 7.5 · AI score 7.4 · EPSS 0.01802 · Exploits 0 · References 3
Tenable Nessus · added 2019/11/08 12:00 a.m. · 57 views

EulerOS 2.0 SP3 : http-parser (EulerOS-SA-2019-2238)

According to the versions of the http-parser package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - The HTTP parser in all current versions of Node.js ignores spaces in the Content-Length header, allowing input such as Content-Length: 1 2 t...

CVSS 7.5 · AI score 7.1 · EPSS 0.05572 · Exploits 0 · References 3
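The Netty (missing colon check), Armeria and Wget (CRLF injection into headers) and http-parser (whitespace inside Content-Length) entries above come down to the same two controls: a request parser that refuses any header line it cannot interpret unambiguously, and a response writer that refuses values carrying CR or LF. The Python below is an added example written for this page, not code from any of the listed projects or advisories. The sample header blocks are constructed, the function names and error strings are chosen for illustration, and the refusal of a message carrying both Content-Length and Transfer-Encoding is a general anti-smuggling hardening step rather than the fix for any specific advisory listed here.

```python
import re
from typing import Dict, List

# RFC 7230 "tchar": the only characters allowed in a header field name.
_TOKEN_RE = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")
# CR, LF and every other ASCII control character; none belong in a value an
# application writes into a response header.
_CTL_RE = re.compile(r"[\x00-\x1f\x7f]")


class BadHeader(ValueError):
    """Raised for any header a strict parser or writer must refuse."""


def parse_header_block(raw: bytes) -> Dict[str, List[str]]:
    """Strictly parse the header section of an HTTP/1.1 message.

    Every line must carry a colon preceded by a valid token (no colon-less
    lines, no whitespace before the colon), obsolete line folding is refused,
    a bare CR or LF inside a value is refused, and Content-Length must appear
    at most once as a plain digit string. Returns lower-cased name -> values.
    """
    headers: Dict[str, List[str]] = {}
    for line in raw.split(b"\r\n"):
        if line == b"":
            break                                  # blank line ends the section
        if line[:1] in (b" ", b"\t"):
            raise BadHeader("obsolete line folding is not accepted")
        colon = line.find(b":")
        if colon < 0:
            raise BadHeader(f"missing colon in header line {line!r}")
        name = line[:colon].decode("ascii", "replace")
        if not _TOKEN_RE.match(name):
            raise BadHeader(f"invalid header name {name!r}")
        value = line[colon + 1:].strip(b" \t")
        if b"\r" in value or b"\n" in value:
            raise BadHeader(f"bare CR or LF inside value of {name}")
        headers.setdefault(name.lower(), []).append(value.decode("latin-1"))

    lengths = headers.get("content-length", [])
    if len(lengths) > 1:
        raise BadHeader("Content-Length given more than once")
    if lengths and not re.fullmatch(r"[0-9]+", lengths[0]):
        raise BadHeader(f"Content-Length is not a plain digit string: {lengths[0]!r}")
    if lengths and "transfer-encoding" in headers:
        # General anti-smuggling hardening; an assumption of this example,
        # not taken from any advisory on the page.
        raise BadHeader("Content-Length and Transfer-Encoding both present")
    return headers


def check_request(raw: bytes) -> str:
    """Return 'ok' or the reason the header block was refused."""
    try:
        parse_header_block(raw)
        return "ok"
    except BadHeader as exc:
        return str(exc)


def check_response_header(name: str, value: str) -> str:
    """Validate a (name, value) pair before it is written to a response.

    Refusing CR, LF and other control characters in the value stops
    attacker-controlled data such as a redirect target from terminating the
    header and starting a new one, which is what response splitting is.
    """
    if not _TOKEN_RE.match(name):
        return f"invalid header name {name!r}"
    if _CTL_RE.search(value):
        return f"control character in value of {name}"
    return "ok"


# Constructed sample header blocks (not captured traffic), shaped after the
# parser bugs listed on this page.
SAMPLES = {
    "clean":                 b"Host: example.test\r\nContent-Length: 12\r\n\r\n",
    "no_colon":              b"Host: example.test\r\nX-Broken example\r\n\r\n",
    "space_before_colon":    b"Host : example.test\r\n\r\n",
    "spaced_content_length": b"Host: example.test\r\nContent-Length: 1 2\r\n\r\n",
    "dup_content_length":    b"Content-Length: 5\r\nContent-Length: 6\r\n\r\n",
    "folded_value":          b"Host: example.test\r\nX-Note: first\r\n second\r\n\r\n",
    "bare_lf_in_value":      b"Host: example.test\r\nX-Note: a\nX-Injected: b\r\n\r\n",
    "cl_and_te":             b"Content-Length: 5\r\nTransfer-Encoding: chunked\r\n\r\n",
}

if __name__ == "__main__":
    for label, block in SAMPLES.items():
        print(f"{label:22s} {check_request(block)}")
    print("Location /home          ", check_response_header("Location", "/home"))
    print("Location with CRLF      ",
          check_response_header("Location", "/home\r\nSet-Cookie: admin=1"))
```

The request-side rules are deliberately stricter than what many real parsers accept; a front-end proxy and a back-end that disagree on any of these cases is exactly the condition request smuggling needs, so rejecting the ambiguous message outright is the safer default.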
Imperva Blog · added 2019/11/07 4:33 p.m. · 101 views

Detecting Account Takeover Botnets

A botnet is a network of compromised computers, known as bots, usually controlled by a command and control computer, that work together in coordination for a malicious purpose. In this blog post, we'll discuss how to detect botnets used for account takeover (ATO), an attack used to obtain the val...

AI score 0.4 · Exploits 0
RedhatCVE · added 2019/11/07 4:12 a.m. · 27 views

CVE-2016-1000232

A regular expression denial of service flaw was found in Tough-Cookie. An attacker able to make an application using Tough-Cookie parse an HTTP header with many semicolons could cause the application to consume an excessive amount of CPU...

CVSS 5 · AI score 3.2 · EPSS 0.00921 · Exploits 0 · References 2